Traffic does not pass over Site-to-Site VPN tunnel when choosing SHA-256 for IKE Phase 2 negotiation
Solution ID | sk66441
Technical Level |
Product | IPSec VPN
Version | R75.20 (EOL), R75.30 (EOL)
Platform / Model | All
Date Created | 04-Jan-2012
Last Modified | 23-Oct-2018
Symptoms
Site-to-Site VPN negotiation succeeds; however, traffic does not flow over the tunnel.
The following log appears in SmartView Tracker (depending on the settings):
Changing the Phase 2 properties of the VPN Community to perform data integrity with any method other than SHA-256 resolves the issue (SmartDashboard - go to 'IPSec VPN' tab - open problematic Site-to-Site Community - go to 'Encryption' - in the section 'Encryption Suite', select 'Custom' - click on 'Advanced...' - in the section 'IPsec Security Association (Phase 2) Properties', refer to the field 'Perform data integrity with').
Status of SecureXL (enabled/disabled) on VPN Gateways is not relevant.
Solution